Security News

A now-fixed Sudo vulnerability allowed any local user to gain root privileges on Unix-like operating systems without requiring authentication. Sudo is a Unix program that enables system admins to provide limited root privileges to normal users listed in the sudoers file, while at the same time keeping a log of their activity.

Jack Wallen walks you through some of the steps you can take to check for and mitigate distributed denial of service attacks on a Linux server. Recently I wrote a piece on how to detect and stop a DoS attack on Linux.

If you're not sure how to view your SSH certificates, Jack Wallen walks you through the steps on Linux, macOS, and Windows.

A recently identified piece of malware is targeting Linux devices to ensnare them into a botnet capable of malicious activities such as distributed denial of service and crypto-mining attacks. Dubbed FreakOut, the malware is infecting devices that haven't yet received patches for three relatively new vulnerabilities, including one that was made public earlier this month.

Researchers are warning a novel malware variant is targeting Linux devices, in order to add endpoints to a botnet to then be utilized in distributed-denial-of-service attacks and cryptomining. It is actively adding infected Linux devices to a botnet, and has the ability to launch DDoS and network flooding attacks, as well as cryptomining activity.

Seven vulnerabilities affecting Dnsmasq, a caching DNS and DHCP server used in a variety of networking devices and Linux distributions, could be leveraged to mount DNS cache poisoning attack and/or to compromise vulnerable devices. "Some of the bigger users of Dnsmasq are Android/Google, Comcast, Cisco, Red Hat, Netgear, and Ubiquiti, but there are many more. All major Linux distributions offer Dnsmasq as a package, but some use it more than others, e.g., in OpenWRT it is used a lot, Red Hat use it as part of their virtualization platforms, Google uses it for Android hotspots, while, for example Ubuntu just has it as an optional package," Shlomi Oberman, CEO and researcher at JSOF, told Help Net Security.

An active malicious campaign is currently targeting Linux devices running software with critical vulnerabilities that is powering network-attached storage devices or for developing web applications and portals. The purpose is to infect machines with vulnerable versions of the popular TerraMaster operating system, the Zend Framework, or Liferay Portal with FreakOut malware, which can help deploy a wide variety of cyberattacks.

An ongoing malware campaign has been found exploiting recently disclosed vulnerabilities in network-attached storage devices running on Linux systems to co-opt the machines into an IRC botnet for launching distributed denial-of-service attacks and mining Monero cryptocurrency. Regardless of the vulnerabilities exploited, the end goal of the attacker appears to be to download and execute a Python script named "Out.py" using Python 2, which reached end-of-life last year - implying that the threat actor is banking on the possibility that that victim devices have this deprecated version installed.

Parasoft announced its C/C++test update to support IAR Systems' build tools for Linux for Arm. IAR Build Tools for Linux inspired the update of Parasoft's unified testing solution for C/C++test software development.

Microsoft on Monday announced that Microsoft Defender for Endpoint on Linux now provides endpoint detection and response capabilities to all users. Initially available on Windows only, Microsoft Defender for Endpoint has received support for all major platforms, and is now available on macOS, Linux, Android, and iOS, the Redmond, Wash.